Versions Compared

Old Version 3

changes.mady.by.user Nikolay Izhikov

Saved on

compared with

New Version Current

changes.mady.by.user Ismael Juma Juma

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Status

Current stateUnder DiscussionAccepted

Discussion thread: here

JIRA: KAFKA-9320

...

If Kafka started on java11 compatible environment then 

SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1.2,TLSv1.3"

...

Migration: Users who are using TLSv1.1 and TLSv1 should enable these versions of the protocol with the explicit configuration property "ssl.enabled.protocols"

TLSv1.3 will not work for users who configured cipher suite explicitly - one needs to update the list of ciphers to include TLSv1.3 ciphers which use a different naming convention. The client will downgrade to TLS 1.2 in this case.

Rejected Alternatives

Wait until java8 gets TLSv1.3 support and made changes afterward.